OCTO – SOC Manager (670228)

Contract with Government of the District of Columbia
OCTO – 200 I Street, SE Washington DC 20003
Position closes 01/04/2022

Short Description:

16 years of experience. Implements, administers, and operates various information security technologies.

Skills/Required Years of Experience:

Experience managing staff in a dedicated SOC environment (Required 5 Years)
Experience analyzing incident reports, aggregated monitoring data, and alerts to anticipate the threat posture of an organization (Required 5 Years)
16 yrs. implementing, administering, and operating IS tech such as firewalls, IDS/IPS, SIEM, Antivirus, net traffic analyzers, and malware analysis (Required 16 Years)
16 yrs. utilizing advanced experience with scripting and tool automation such as Perl, PowerShell, Regex (Required 16 Years)
16 yrs. developing, leading, and executing information security incident response plans (Required 16 Years)
16 yrs. developing standard and complex IT solutions & services, driven by business requirements and industry standards (Required 16 Years)
BS Degree in IT, Cybersecurity, Engineering, or equivalent experience (Required)

Complete Description:

SUMMARY
The Security Operations Center (SOC) Manager will manage the SOC functions and operations, ensuring the monitoring and analysis of all security incidents and their timely escalation. The Security Operations Center Manager provides direction to analysts and serves as a liaison to the Security Engineering teams and other departments within DC Government agencies.

Responsibilities
• Manage the day-to-day SOC Operations as well as additional Incident Response activities as required
• Supervise the SOC team, provide technical guidance, and interface with teams within OCTO and other DC Government agencies as needed
• Oversee all management activities related to SOC operations including but not limited to people management, training, and mentoring.
• Revise and develop processes to strengthen the current Security Operations Framework, review policies and highlight the challenges in managing SLAs
• Regularly interact with senior leadership and agency technology leadership.
• Serve as a member of the CSIRT leadership team, with the role of IR Manager
• Responsible for running the periodic IR tests, writing IR Test reports, and driving ‘lessons learned’ activities.
• Perform threat management, threat modeling, identify threat vectors and develop use cases for security monitoring
• Creation of reports, dashboards, metrics for SOC operations and presentation
• Timely threat intel information sharing with public and private partners.

MINIMUM QUALIFICATIONS

  • Five years of demonstrated operational experience as a cybersecurity analyst/engineer handling and coordinating cybersecurity incidents and response in critical environments, and/or equivalent knowledge in areas such as technical incident handling and analysis, intrusion detection, log analysis, penetration testing, and vulnerability management.
  • In-depth understanding of current cybersecurity threats, attacks and countermeasures for adversarial activities such as network probing and scanning, distributed denial of service (DDoS), phishing, ransomware, botnets, command and control (C2) activity, etc.
  • In-depth hands-on experience analyzing and responding to security events and incidents with most of the following technologies and/or techniques: leading security information and event management (SIEM) technologies, intrusion detection/prevention systems (IDS/IPS), network- and host-based firewalls, network access control (NAC), data leak protection (DLP), database activity monitoring (DAM), web and email content filtering, vulnerability scanning tools, endpoint protection, secure coding, etc.
  • Strong communication, interpersonal, organizational, oral, and customer service skills.
  • Strong knowledge of TCP/IP protocols, services, and networking.
  • Knowledge of forensic analysis techniques for common operating systems.
  • Adept at proactive search, solicitation, and detailed analysis of threat intelligence (e.g., exploits, IOCs, hacking tools, vulnerabilities, threat actor TTPs) derived from open-source resources and external entities, in order to identify cybersecurity threats not previously ingested into network security tools/applications and derive countermeasures to protect the Government of the District of Columbia network.
  • Excellent ability to multi-task, prioritize, and manage time and tasks effectively.
  • Ability to work effectively in stressful situations.
  • Strong attention to detail.

PREFERRED EDUCATION/CERTIFICATION REQUIREMENTS

  • Undergraduate degree in computer science, information technology, or related field.
  • SANS GCIA, GCED, GPEN, GCIH or similar industry certification desired.

Responsibilities:

  1. Expertise in implementing, administering, and operating information security technologies such as firewalls, IDS/IPS, SIEM, antivirus, network traffic analyzers, and malware analysis tools.
  2. Utilizes advanced experience with scripting and tool automation such as Perl, PowerShell, Regex.
  3. Develops, leads, and executes information security incident response plans.
  4. Develops standard and complex IT solutions & services, driven by business requirements and industry standards.
  5. May also leverage dynamic and static code assessment tools to measure vulnerability of applications throughout the SDLC.

A background check is required if selected for the position.
There are no reimbursable expenses allocated to this position.